Calendly
Authentication & Authorization
Credentials
- Calendly connects via OAuth 2.0 with authorization code grant flow.
- Client ID and Client Secret credentials can be obtained during the setup of the Calendly application. See Calendly Connection Instructions.
- DataGrail uses Refresh Token Flow to periodically update Access Token after it expires to keep the connection alive.
- Publicly exposing your API credentials can allow unauthorized access to the Calendly API endpoints, and your Calendly data by a third party. DataGrail stores your API credentials encrypted and protected.
Scopes
Calendly API doesn’t require specific scopes that need to be approved by you in order to grant DataGrail read/write access on certain objects necessary to complete privacy requests.
Endpoints Utilized
- Request authorization:
- GET https://auth.calendly.com/oauth/authorize
- Get and refresh access token:
- POST https://auth.calendly.com/oauth/token
- Validate that credentials are good based on a successful response:
- GET https://api.calendly.com/users/me
Limits
DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).
Access
For an access request, DataGrail will take the following actions:
- List Organization Invitations - collect a list of Organization invitations with the filtering by the Data Subject email.
- List Organization Memberships - collect a list of users belonging to an Organization with the filtering by the Data Subject email.
- List Events - collect a list of the scheduled events with the filtering by the Data Subject email as an invitee email.
- List Event Invitees - collect a list of scheduled event invitees with the filtering by the Data Subject email as an invitee email.
- For all objects found, DataGrail will return all available fields. You can edit which objects and fields you want to provide to the Data Subject via our Portal Requests.
Endpoints Utilized
- GET https://api.calendly.com/organizations/{uuid}/invitations
- GET https://api.calendly.com/organization_memberships
- GET https://api.calendly.com/scheduled_events
- GET https://api.calendly.com/scheduled_events/{uuid}/invitees
DataGrail also supports the Direct Contact Access workflow for Calendly.
Deletion
For a deletion request, DataGrail will take the following actions:
- Collect Organization Invitations for the given Data Subject Email and delete (revoke) each of them. Please note that if an invitation has been accepted , it cannot be deleted.
- Collect Organization Memberships for the given Data Subject Email and remove User from Organization.
Endpoints Utilized
- GET https://api.calendly.com/organizations/{uuid}/invitations
- DELETE https://api.calendly.com/organizations/{org_uuid}/invitations/{uuid}
- GET https://api.calendly.com/organization_memberships
- DELETE https://api.calendly.com/organization_memberships/{uuid}
DataGrail also supports the Direct Contact Deletion workflow for Calendly.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.